Hello community,
here is the log from the commit of package apache2-mod_nss for openSUSE:Factory checked in at 2018-12-06 12:18:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache2-mod_nss (Old)
and /work/SRC/openSUSE:Factory/.apache2-mod_nss.new.19453 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache2-mod_nss"
Thu Dec 6 12:18:29 2018 rev:31 rq:655362 version:1.0.18
Changes:
--------
--- /work/SRC/openSUSE:Factory/apache2-mod_nss/apache2-mod_nss.changes 2018-03-29 11:57:36.982029928 +0200
+++ /work/SRC/openSUSE:Factory/.apache2-mod_nss.new.19453/apache2-mod_nss.changes 2018-12-06 12:18:37.589435463 +0100
@@ -1,0 +2,7 @@
+Wed Dec 5 10:22:19 UTC 2018 - Vítězslav Čížek
+
+- Update to 1.0.18
+ * Initial support for new mod_proxy function ssl_engine_set
+ * Fix some warnings from clang
+
+-------------------------------------------------------------------
Old:
----
mod_nss-1.0.17.tar.gz
New:
----
mod_nss-1.0.18.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apache2-mod_nss.spec ++++++
--- /var/tmp/diff_new_pack.EewG1t/_old 2018-12-06 12:18:38.313434686 +0100
+++ /var/tmp/diff_new_pack.EewG1t/_new 2018-12-06 12:18:38.317434682 +0100
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -25,7 +25,7 @@
%define apache_mmn %(MMN=$(%{apxs} -q LIBEXECDIR)_MMN; test -x $MMN && $MMN)
%define apache_sysconf_nssdir %{apache_sysconfdir}/mod_nss.d
Name: apache2-mod_nss
-Version: 1.0.17
+Version: 1.0.18
Release: 0
Summary: SSL/TLS module for the Apache HTTP server
License: Apache-2.0
++++++ mod_nss-1.0.17.tar.gz -> mod_nss-1.0.18.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mod_nss-1.0.17/ChangeLog new/mod_nss-1.0.18/ChangeLog
--- old/mod_nss-1.0.17/ChangeLog 2018-03-27 22:40:30.000000000 +0200
+++ new/mod_nss-1.0.18/ChangeLog 2018-12-04 20:47:45.000000000 +0100
@@ -1,3 +1,10 @@
+2018-12-04 Rob Crittenden
+ * Become 1.0.18
+
+2018-04-12 Rob Crittenden
+ * Initial support for new mod_proxy function ssl_engine_set
+ * Fix some warnings from clang
+
2018-03-27 Rob Crittenden
* PEP-8 fixups
* Add TLS 1.3 support to the cipher tests
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mod_nss-1.0.17/configure.ac new/mod_nss-1.0.18/configure.ac
--- old/mod_nss-1.0.17/configure.ac 2018-03-27 22:40:30.000000000 +0200
+++ new/mod_nss-1.0.18/configure.ac 2018-12-04 20:47:45.000000000 +0100
@@ -1,5 +1,5 @@
# Required initializer
-AC_INIT([mod_nss],[1.0.17])
+AC_INIT([mod_nss],[1.0.18])
m4_include([acinclude.m4])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mod_nss-1.0.17/mod_nss.c new/mod_nss-1.0.18/mod_nss.c
--- old/mod_nss-1.0.17/mod_nss.c 2018-03-27 22:40:30.000000000 +0200
+++ new/mod_nss-1.0.18/mod_nss.c 2018-12-04 20:47:45.000000000 +0100
@@ -220,8 +220,85 @@
return sslconn;
}
+static int nss_engine_status(conn_rec *c, SSLConnRec *sslconn)
+{
+ SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
+
+ if (c->master) {
+ return DECLINED;
+ }
+ if (sslconn) {
+ if (sslconn->disabled) {
+ return SUSPENDED;
+ }
+ if (sslconn->is_proxy) {
+ if (!sc->proxy_enabled) {
+ return DECLINED;
+ }
+ }
+ else {
+ if (sc->enabled != TRUE) {
+ return DECLINED;
+ }
+ }
+ }
+ else {
+ if (sc->enabled != TRUE) {
+ return DECLINED;
+ }
+ }
+ return OK;
+}
+
static APR_OPTIONAL_FN_TYPE(ssl_proxy_enable) *othermod_proxy_enable;
static APR_OPTIONAL_FN_TYPE(ssl_engine_disable) *othermod_engine_disable;
+#ifdef SSL_ENGINE_SET
+static APR_OPTIONAL_FN_TYPE(ssl_engine_set) *othermod_engine_set;
+
+int nss_engine_set(conn_rec *c,
+ ap_conf_vector_t *per_dir_config,
+ int proxy, int enable)
+{
+ SSLConnRec *sslconn;
+ int status;
+
+ if (othermod_engine_set) {
+ return othermod_engine_set(c, per_dir_config, proxy, enable);
+ }
+
+ // FIXME: Add support for per_dir_config
+ if (proxy) {
+ sslconn = nss_init_connection_ctx(c);
+ sslconn->is_proxy = 1;
+ }
+ else {
+ sslconn = myConnConfig(c);
+ }
+
+ status = nss_engine_status(c, sslconn);
+
+ if (proxy && status == DECLINED) {
+ if (enable) {
+ SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(01961)
+ "SSL Proxy requested for %s but not enabled "
+ "[Hint: SSLProxyEngine]", sc->vhost_id);
+ }
+ sslconn->disabled = 1;
+ }
+ else if (sslconn) {
+ sslconn->disabled = !enable;
+ }
+
+ return status != DECLINED;
+}
+
+static int ssl_engine_set(conn_rec *c,
+ ap_conf_vector_t *per_dir_config,
+ int proxy, int enable) {
+ return nss_engine_set(c, per_dir_config, proxy, enable);
+}
+#endif
int nss_proxy_enable(conn_rec *c)
{
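Review bot: The error logged in nss_engine_set when a proxy connection is declined is mod_ssl's text carried over unchanged: it hints at `SSLProxyEngine` and reuses `APLOGNO(01961)`. mod_nss directives are, as far as I know, NSS-prefixed, so an admin following the hint would set a directive this module does not read. I would change the line to `"[Hint: NSSProxyEngine]", sc->vhost_id);` and drop or replace the borrowed APLOGNO tag. The `// FIXME` also deserves a fuller comment: per_dir_config is only forwarded to othermod_engine_set, and the local path decides from `mySrvConfig(c->base_server)` alone, so per-directory proxy settings have no effect here.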
@@ -503,14 +580,23 @@
/* Always register these mod_nss optional functions */
APR_REGISTER_OPTIONAL_FN(nss_proxy_enable);
APR_REGISTER_OPTIONAL_FN(nss_engine_disable);
+#ifdef SSL_ENGINE_SET
+ APR_REGISTER_OPTIONAL_FN(nss_engine_set);
+#endif
/* Save the state of any previously registered mod_ssl functions */
othermod_proxy_enable = APR_RETRIEVE_OPTIONAL_FN(ssl_proxy_enable);
othermod_engine_disable = APR_RETRIEVE_OPTIONAL_FN(ssl_engine_disable);
+#ifdef SSL_ENGINE_SET
+ othermod_engine_set = APR_RETRIEVE_OPTIONAL_FN(ssl_engine_set);
+#endif
/* Always register these local mod_ssl optional functions */
APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);
APR_REGISTER_OPTIONAL_FN(ssl_engine_disable);
+#ifdef SSL_ENGINE_SET
+ APR_REGISTER_OPTIONAL_FN(ssl_engine_set);
+#endif
}
module AP_MODULE_DECLARE_DATA nss_module = {
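Review bot: The registration order in this hunk decides which module actually serves ssl_engine_set, and the comments do not say so. othermod_engine_set captures whatever ssl_engine_set was registered before mod_nss (presumably mod_ssl's), and nss_engine_set forwards every call to it when it is non-NULL, skipping mod_nss's own status check. I would extend the existing comment, e.g. `/* If another module registered ssl_engine_set first, nss_engine_set() defers to it; module load order decides which engine handles proxy connections */`. The enclosing function begins above the hunk.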
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mod_nss-1.0.17/mod_nss.h new/mod_nss-1.0.18/mod_nss.h
--- old/mod_nss-1.0.17/mod_nss.h 2018-03-27 22:40:30.000000000 +0200
+++ new/mod_nss-1.0.18/mod_nss.h 2018-12-04 20:47:45.000000000 +0100
@@ -72,6 +72,11 @@
#undef PACKAGE_BUGREPORT
#include "config.h"
+#if (AP_SERVER_MAJORVERSION_NUMBER == 2 && AP_SERVER_MINORVERSION_NUMBER == 4 \
+ && AP_SERVER_PATCHLEVEL_NUMBER > 32)
+#define SSL_ENGINE_SET 1
+#endif
+
/* The #ifdef macros are only defined AFTER including the above
* therefore we cannot include these system files at the top :-(
*/
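Review bot: The version gate defines SSL_ENGINE_SET only for 2.4.x with a patchlevel above 32, because it tests the major and minor numbers with `==`. Any later minor or major release would build without ssl_engine_set support, and a 2.4 build that has the function backported to an older patchlevel is missed as well. A check keyed to the module magic number (`AP_MODULE_MAGIC_AT_LEAST(...)` with the MMN that introduced ssl_engine_set) would follow the API rather than the release string. At minimum I would add a comment such as `/* mod_proxy's ssl_engine_set optional function is expected from httpd 2.4.33 on */` so the reason for the gate is recorded.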
@@ -488,11 +493,23 @@
/* Proxy Support */
int nss_proxy_enable(conn_rec *c);
int nss_engine_disable(conn_rec *c);
+#ifdef SSL_ENGINE_SET
+int nss_engine_set(conn_rec *c,
+ ap_conf_vector_t *per_dir_config,
+ int proxy, int enable);
+#endif
APR_DECLARE_OPTIONAL_FN(int, nss_proxy_enable, (conn_rec *));
APR_DECLARE_OPTIONAL_FN(int, nss_engine_disable, (conn_rec *));
+#ifdef SSL_ENGINE_SET
+APR_DECLARE_OPTIONAL_FN(int, nss_engine_set, (conn_rec *,
+ ap_conf_vector_t *,
+ int proxy, int enable));
+#endif
+
+
/* I/O */
PRFileDesc * nss_io_new_fd();
int nss_io_layer_init();
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mod_nss-1.0.17/nss_engine_init.c new/mod_nss-1.0.18/nss_engine_init.c
--- old/mod_nss-1.0.17/nss_engine_init.c 2018-03-27 22:40:30.000000000 +0200
+++ new/mod_nss-1.0.18/nss_engine_init.c 2018-12-04 20:47:45.000000000 +0100
@@ -45,13 +45,6 @@
extern cipher_properties ciphers_def[];
-static char *version_components[] = {
- "SSL_VERSION_PRODUCT",
- "SSL_VERSION_INTERFACE",
- "SSL_VERSION_LIBRARY",
- NULL
-};
-
/* See if a uid or gid can read a file or directory at a given path.
*
* Return 0 on failure or file doesn't exist
@@ -109,19 +102,17 @@
static void nss_add_version_components(apr_pool_t *p,
server_rec *s)
{
- char *vals[sizeof(version_components)/sizeof(char *)];
- int i;
+ char *interface, *library;
- for (i=0; version_components[i]; i++) {
- vals[i] = nss_add_version_component(p, s,
- version_components[i]);
- }
+ nss_add_version_component(p, s, "SSL_VERSION_PRODUCT");
+ interface = nss_add_version_component(p, s, "SSL_VERSION_INTERFACE");
+ library = nss_add_version_component(p, s, "SSL_VERSION_LIBRARY");
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Server: %s, Interface: %s, Library: %s",
AP_SERVER_BASEVERSION,
- vals[1], /* SSL_VERSION_INTERFACE */
- vals[2]); /* SSL_VERSION_LIBRARY */
+ interface,
+ library);
}
/*
@@ -773,7 +764,7 @@
char *protocol_marker = NULL;
char *lprotocols = NULL;
SECStatus stat;
- SSLVersionRange enabledVersions;
+ SSLVersionRange enabledVersions = {0,0};
ssl3 = tls = tls1_1 = tls1_2 = 0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mod_nss-1.0.17/nss_engine_vars.c new/mod_nss-1.0.18/nss_engine_vars.c
--- old/mod_nss-1.0.17/nss_engine_vars.c 2018-03-27 22:40:30.000000000 +0200
+++ new/mod_nss-1.0.18/nss_engine_vars.c 2018-12-04 20:47:45.000000000 +0100
@@ -266,7 +266,7 @@
resdup = FALSE;
}
/* all other env-variables from the parent Apache process */
- else if (strlen(var) > 4 && strcEQn(var, "ENV:", 4)) {
+ else if ((r != NULL) && strlen(var) > 4 && strcEQn(var, "ENV:", 4)) {
result = (char *)apr_table_get(r->notes, var+4);
if (result == NULL)
result = (char *)apr_table_get(r->subprocess_env, var+4);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mod_nss-1.0.17/nss_pcache.c new/mod_nss-1.0.18/nss_pcache.c
--- old/mod_nss-1.0.17/nss_pcache.c 2018-03-27 22:40:30.000000000 +0200
+++ new/mod_nss-1.0.18/nss_pcache.c 2018-12-04 20:47:45.000000000 +0100
@@ -323,9 +323,9 @@
PRIntervalTime timeout = PR_INTERVAL_NO_TIMEOUT;
char buf[1024];
PRInt32 nBytes;
- char * command;
- char * tokenName;
- char * tokenpw;
+ char * command = NULL;
+ char * tokenName = NULL;
+ char * tokenpw = NULL;
int fipsmode = 0;
union semun semarg;
@@ -397,6 +397,7 @@
command = getstr(buf, 0);
if (command && !strcmp(command, "QUIT")) {
+ free(command);
break;
} else if (command && !strcmp(command, "STOR")) {
PRInt32 err = PIN_SUCCESS;